Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis mantis 1.0.6 vulnerabilities and exploits
(subscribe to this query)
911
VMScore
CVE-2008-4687
manage_proj_page.php in Mantis prior to 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Mantis Mantis 1.0.2
Mantis Mantis 1.0.1
Mantis Mantis 1.0.4
Mantis Mantis 1.0.3
Mantis Mantis 1.1.2
Mantis Mantis
Mantis Mantis 1.0.6
Mantis Mantis 1.0.5
Mantis Mantis 1.0.8
Mantis Mantis 1.1.1
Mantis Mantis 1.0.7
Mantis Mantis 0.19.4
Mantis Mantis 0.19.3
2 EDB exploits
2 Github repositories
890
VMScore
CVE-2006-6515
Mantis prior to 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
Mantis Mantis 1.0.3
Mantis Mantis 1.0.4
Mantis Mantis 1.0.5
Mantis Mantis 1.0.6
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.2
Mantis Mantis
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.0 Rc5
Mantis Mantis 1.0.0
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.1
668
VMScore
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete...
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.9
668
VMScore
CVE-2012-1123
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT prior to 1.2.9 allows remote malicious users to bypass authentication via a null password.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.1.2
668
VMScore
CVE-2008-4689
Mantis prior to 1.1.3 does not unset the session cookie during logout, which makes it easier for remote malicious users to hijack sessions.
Mantis Mantis 1.0.5
Mantis Mantis 1.0.4
Mantis Mantis
Mantis Mantis 1.0.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19.3
Mantis Mantis 1.0.8
Mantis Mantis 1.1.1
Mantis Mantis 1.0.1
Mantis Mantis 0.19.4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.2
668
VMScore
CVE-2008-3333
Directory traversal vulnerability in core/lang_api.php in Mantis prior to 1.1.2 allows remote malicious users to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Mantis Mantis 0.10
Mantis Mantis 0.10.0
Mantis Mantis 0.12.0
Mantis Mantis 0.13
Mantis Mantis 0.14.4
Mantis Mantis 0.14.5
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.18.0a1
Mantis Mantis 0.18.0a2
Mantis Mantis 0.19
Mantis Mantis 0.19.0
Mantis Mantis 0.19.4
Mantis Mantis 0.9
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.0rc3
Mantis Mantis 1.0.0rc4
655
VMScore
CVE-2008-3332
Eval injection vulnerability in adm_config_set.php in Mantis prior to 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Mantis Mantis 0.11
Mantis Mantis 0.11.0
Mantis Mantis 0.14
Mantis Mantis 0.10
Mantis Mantis 0.10.0
Mantis Mantis 0.12.0
Mantis Mantis 0.13
Mantis Mantis 0.14.4
Mantis Mantis 0.14.5
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.18.0a1
Mantis Mantis 0.18.0a2
Mantis Mantis 0.19
Mantis Mantis 0.19.0
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.4
Mantis Mantis 0.9
1 EDB exploit
605
VMScore
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.1
570
VMScore
CVE-2012-1119
MantisBT prior to 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote malicious users to copy bug reports without detection.
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.0.8
515
VMScore
CVE-2010-4350
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT prior to 1.2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Li...
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 1.0.0a2
Mantisbt Mantisbt 1.0.0a3
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.0.0a1
Mantisbt Mantisbt 0.19.5
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.8
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »